← Back

CVE-2020-37082

nvd nist
Published: Feb 3, 2026Modified: Feb 11, 2026

JSON object

Loading...
8.6
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Affected (1)

Products: Weberp: Weberp
Weberp
1 product
Weberp
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Weberp
Version 4.15.1

Related CWEs

CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.